How to Add an External Directory to Apache Web Root (Symbolic Link vs Alias Configuration)


12 views

When working with Apache HTTP Server, we often need to serve content from directories outside the default DocumentRoot (/var/www/html). This scenario is common when:

  • Maintaining large media files separately
  • Sharing resources between multiple applications
  • Following security best practices by keeping sensitive data outside web root

Method 1: Using Symbolic Links

This approach creates a virtual link within your web root pointing to the external directory:

# Create symbolic link
sudo ln -s /data /var/www/html/data

# Verify permissions
sudo chown -R www-data:www-data /data
sudo chmod -R 755 /data

Key considerations:

  • Maintains original file structure
  • Requires proper filesystem permissions
  • Follows the directory if it moves (soft link)

Method 2: Using Apache Alias Directive

This server configuration method is more flexible and secure:

# Edit Apache configuration
sudo nano /etc/apache2/sites-available/000-default.conf

# Add within VirtualHost section:
Alias /data "/data"
<Directory "/data">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

After saving, restart Apache:

sudo systemctl restart apache2

When exposing external directories:

  • Always restrict access with Directory directives
  • Consider using Require ip for internal networks
  • Disable directory listing with Options -Indexes

For a more robust setup with authentication:

Alias /secure-data "/mnt/external-storage"
<Directory "/mnt/external-storage">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>

If you encounter 403 Forbidden errors:

# Check SELinux context (if enabled)
sudo ls -Z /data
sudo chcon -R -t httpd_sys_content_t /data

# Verify permissions
namei -l /data/path/to/file

When deploying web applications, we often need to serve files from directories outside Apache's default document root (/var/www/html). This could be for security reasons, storage limitations, or maintaining existing file structures. Here are two professional approaches:

The most maintainable solution is creating an Alias in your Apache configuration:

<VirtualHost *:80>
    # ... other directives ...
    
    Alias /data "/data"
    <Directory "/data">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

For quick testing or temporary solutions, create a symlink:

sudo ln -s /data /var/www/html/data

Then set proper permissions:

sudo chown -R apache:apache /data
sudo chmod -R 755 /data

When exposing external directories:

  • Always restrict access with Directory directives
  • Consider using Require ip for internal networks
  • Disable directory listing with Options -Indexes

For high-traffic sites, consider these optimizations:

<Directory "/data">
    EnableMMAP Off
    EnableSendfile Off
</Directory>

If files aren't accessible:

  1. Check Apache error logs: tail -f /var/log/httpd/error_log
  2. Verify SELinux context: chcon -R -t httpd_sys_content_t /data
  3. Test configuration: apachectl configtest